TikTok has officially confirmed that some employees outside the continent, including in China, can access the data of individuals using the app in Europe.
The news comes from the social media giant’s head of privacy in Europe, Elaine Fox, who has said access for staff in China was necessary to guarantee the app’s correct functionalities.
“Based on a demonstrated need to do their job, subject to a series of robust security controls and approval protocols, and by way of methods that are recognized under the [general data protection regulation] GDPR, we allow certain employees within our corporate group located in Brazil, Canada, China, Israel, Japan, Malaysia, Philippines, Singapore, South Korea, and the United States, remote access to TikTok European user data,” Fox explained.
The move is bound to send ripples across the regulatory community, as TikTok was already under scrutiny in Europe and the US over concerns that user data could be passed to the Chinese state. TikTok has so far denied the claims, so Fox’s words may now be seen as a U-turn.
“It is only with modern data security practices that monitor actual operations in accordance with their privacy against personal information that TikTok will be able to provide sufficient transparency like this to privacy regulators, users and governments that they are truly privacy-conscious,” Mandy added.
The new rules will be applicable from December 2, according to the social media company. Their publication comes two months after Microsoft found a vulnerability in TikTok’s Android app, which could have allowed attackers to hijack user accounts remotely.